Cloud Security

Weighing Pros, Cons of Cloud Computing Security

NIST Scientists Raise Questions, Now Seek Answers
Weighing Pros, Cons of Cloud Computing Security
As Vivek Kundra, the new federal chief information officer touts the benefits of cloud computing, a group of computer scientists from the National Institute of Standards and Technologies have outlined the information security pros and cons of cloud computing as they dive into a year-long effort to develop guidance for the technology.

The presentation, Effectively and Securely Using the Cloud Computing Paradigm, is not intended to provide official NIST guidance or policy but is presented to engage government IT managers in a discussion on the benefits and security challenges of cloud computing.

"Cloud computing is a convergence of many technologies (and) some have their own standards," the presentation states. "This convergence combined with massively scaled deployments represents leap-ahead capabilities."

Among the potential cloud computing benefits identified by the computer scientists: dedicated security teams, greater infrastructure security, reduction in certification and accreditation activities, simplifying compliance analysis, low-cost disaster recovery and rapid reconstitution of services.

The information security challenges they identified included conflicts with existing data dispersal and international privacy laws, data ownership, service guarantees, securing virtual machines, massive outages and encryption needs.

Other concerns the NIST computer scientists raised included moving personal identifiable information and sensitive data to the cloud, using service-level agreements to obtain cloud security, contingency planning and disaster recovery for cloud implementations and handling compliance.

"So where are we?" the NIST scientists asked in their presentation. "Today, cloud standards don't exist. Grid computing has many standards but isn't the same model. SOA/WE (service-oriented architecture/web services) has standards but this only applies to the applications running on the cloud. Standards will be vital to achieve success. ... (You) can't standardize what you can't define."

And, defining definitions and models related to cloud computing and its security is what NIST intends to do. By early fall, NIST intends to publish special publications that address the problems cloud computing solves, the technical characteristics of cloud computing and how best to leverage cloud computing and obtain security.

Do you have questions or comments for the NIST Cloud Research Team? If so, contact project lead Peter Mell at or program manager Tim Grance at

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.